[TABS_R id=6660]
Which of the following is most likely to be used in a reflected DoS attack?
- NTP
- STP
- ARP
- IGMP
Explanation:
Network Time Protocol (NTP) servers are often used in a reflected attack, which if an attack bounced off a third to hit the target. This helps to hide the source of the attack. NTP is used to synchronize the clocks of computers on the network. Time synchronization is important in areas such as event logs, billing services, e-commerce, banking, and HIPAA security rules.
While spanning tree protocol can be used in network attacks on switches, it is not a DoS type attack. STP uses the Spanning Tree Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. STP can prevent network congestion and broadcast storms.
There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectively was considered acceptable downtime.
Address resolution protocol (ARP) is also used in attacks, especially man in the middle, but it is not a DoS attack. ARP tables show the relationship of IP address to MAC address. But they cannot be used for DNS and DHCP integration.
Internet Group Messaging Protocol (IGMP) is not typically used in network attacks.
Objective: Attack Methods
Sub-Objective: Describe these network attacks: Denial of service, Distributed denial of service, Man-in-the-middle.
[TABS_R id=6660]